export const meta = {
  title: 'What is the difference between the service secret and Management API secret?',
  position: 4,
  articleGroup: 'Service secret vs Management API secret',
}

## FAQ

The [**service secret**](ghd4#service-secret) is specified in your `prisma.yml` as the [`secret`](5cy7#secret-optional) property and used to protect your Prisma services. The service secret is used to generate [service tokens](ghd4#service-token) (JWT). When making requests against your Prisma service, you must include such a service token in the `Authorization` header as a _bearer_ token. The service token can be generated using the [`prisma token`](xcv5) command.

If you're using the [Prisma client](/prisma-client), you don't need to generate the tokens manually, nor attach them to any requests made against your service. The generated Prisma client knows the `secret` from your `prisma.yml` and therefore is able to generate the required service tokens at runtime when it sends requests to the Prisma API.

The [**Management API secret**](kke4#management-api-secret) is specified in the Docker Compose file that's used to deploy a [Prisma server](/prisma-server). It protects the [Management API](foe1) of the Prisma server.

The Management API is used by the Prisma CLI. The Prisma CLI often needs to make changes to the deployed services, such as migrating the datamodel of a service or resetting its data. To confirm that the CLI is authorized to make these requests, it needs access to the Management API secret. It gets access to it through the `PRISMA_MANAGEMENT_API_SECRET` environment variable which you need to set when using the CLI (note that this is not the case when using Prisma [Demo servers](jfr3)).